The site Incident Response Plan or other procedure must include procedures to follow when a smartphone is reported lost or stolen.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-24962 | WIR-SPP-007-01 | SV-30699r3_rule | ECSC-1 VIIR-1 VIIR-2 | Low |
| Description |
|---|
| Sensitive DoD data could be stored in memory on a DoD operated smartphone and the data could be compromised if required actions are not followed when a smartphone is lost or stolen. |
| STIG | Date |
|---|---|
| Smartphone Policy Security Technical Implementation Guide | 2011-06-20 |
Details
| Check Text ( C-31122r3_chk ) |
|---|
| Detailed Policy Requirements: The site (location where smartphones are issued and managed and the site where the smartphone management server is located) must publish procedures to follow if a smartphone has been lost or stolen. The procedures should include (as appropriate): -Smartphone user notifies IAO, SM, and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan. -The IAO notifies the smartphone management server system administrator and other site personnel, as required by the site’s Incident Response Plan, within the timeframe required by the site’s Incident Response Plan. The site smartphone management server administrator sends a wipe command to the smartphone and then disables the user account on the management server or removes the smartphone from the user account. Check procedures: Interview the IAO. Review the site’s Incident Response Plan or other policies and determine if the site has a written plan of action. Mark as a finding if the site does not have a written plan of action following a lost or stolen smartphone. |
| Fix Text (F-27603r1_fix) |
|---|
| Publish procedures to follow if a smartphone is lost or stolen. |